CVE-2026-44127

Published: Mag 08, 2026 Last Modified: Mag 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.

External Control of File Name or Path

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Read Files Or Directories Modify Files Or Directories Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Other)

Applicable Platforms

Operating Systems: Unix, Windows, macOS

Likelihood of Exploit: High

View CWE Details

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html…

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security

CVE-2026-44127

Description

External Control of File Name or Path

Common Consequences

Applicable Platforms

Iscriviti alla newsletter